Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Addresses comments from #623 in ActiveRolesProvider #708

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Addresses comments from #623 in ActiveRolesProvider #708

wants to merge 1 commit into from
+18 −18

Conversation

collado-mike
Copy link
Contributor

Addresses comments from #623

@collado-mike collado-mike marked this pull request as draft January 11, 2025 23:16
adutra
adutra reviewed Jan 12, 2025
View reviewed changes
.../org/apache/polaris/service/dropwizard/auth/PolarisPrincipalRoleSecurityContextProvider.java
@@ -53,6 +54,10 @@ public void filter(ContainerRequestContext requestContext) throws IOException {
public SecurityContext createSecurityContext(
SecurityContext ctx, AuthenticatedPolarisPrincipal principal) {
Set<String> validRoleNames = activeRolesProvider.getActiveRoles(principal);
if (validRoleNames.isEmpty()) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is making the tests fail, and I think we do have a problem. DefaultActiveRolesProvider expects the principal to have the role PRINCIPAL_ROLE_ALL when all roles are activated:

boolean allRoles = tokenRoles.contains(BasePolarisAuthenticator.PRINCIPAL_ROLE_ALL);

But BasePolarisAuhtenticator creates a principal with an empty roles set in that case. You need to change BasePolarisAuthenticator.getPrincipal():

  if (tokenInfo.getScope() != null) {
      if (tokenInfo.getScope().equals(PRINCIPAL_ROLE_ALL)) {
        activatedPrincipalRoles.add(PRINCIPAL_ROLE_ALL); // this is missing
      } else {
        activatedPrincipalRoles.addAll(...);
      }
    }

@adutra
Copy link
Contributor

adutra commented Jan 14, 2025

@collado-mike if you want to rebase this PR, the two filters were moved/renamed to:

org.apache.polaris.service.auth.PolarisPrincipalAuthenticatorFilter
org.apache.polaris.service.auth.PolarisPrincipalRolesProviderFilter

Both are in polaris-service-common.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adutra adutra adutra left review comments

@ashvina ashvina Awaiting requested review from ashvina ashvina is a code owner

@dimas-b dimas-b Awaiting requested review from dimas-b dimas-b is a code owner

@eric-maynard eric-maynard Awaiting requested review from eric-maynard eric-maynard is a code owner

@jackye1995 jackye1995 Awaiting requested review from jackye1995 jackye1995 is a code owner

@jbonofre jbonofre Awaiting requested review from jbonofre jbonofre is a code owner

@vvcephei vvcephei Awaiting requested review from vvcephei vvcephei is a code owner

@snazy snazy Awaiting requested review from snazy snazy is a code owner

@RussellSpitzer RussellSpitzer Awaiting requested review from RussellSpitzer RussellSpitzer is a code owner

@takidau takidau Awaiting requested review from takidau takidau is a code owner

@flyrain flyrain Awaiting requested review from flyrain flyrain is a code owner

@ebyhr ebyhr Awaiting requested review from ebyhr ebyhr is a code owner

@dennishuo dennishuo Awaiting requested review from dennishuo dennishuo will be requested when the pull request is marked ready for review dennishuo is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@collado-mike @adutra @sfc-gh-mcollado